Description
SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4. Attackers can trigger an integer underflow in fts5ChunkIterate() causing an inflated remaining byte count during FTS5 MATCH query processing, leading to a heap buffer overflow of attacker-controlled data in applications compiled with SQLITE_ENABLE_FTS5.
Published: 2026-06-09
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

SQLite versions earlier than 3.53.2 contain a heap‑based buffer overflow in the FTS5 full‑text search extension. A crafted database can include malformed continuation page metadata that specifies a szLeaf value smaller than four bytes. When the database engine processes a MATCH query, the fts5ChunkIterate function triggers an integer underflow, inflating a remaining byte count and causing a buffer overflow on the heap. The overflow can lead to a crash or, if exploited successfully, arbitrary code execution within the host process.

Affected Systems

The vulnerability affects the SQLite library itself, specifically builds compiled with the SQLITE_ENABLE_FTS5 option. All releases before version 3.53.2 are susceptible to the flaw. Applications that embed SQLite in this configuration should treat the environments they run in as affected.

Risk and Exploitability

The CVSS score of 8.5 categorizes this flaw as high severity, and while EPSS information is not available, the lack of a KEV listing does not diminish the risk to systems that use the vulnerable SQLite builds. Attackers can exploit the flaw by delivering a malicious database file to an application that processes FTS5 queries, making it an offline or local compromise vector. Successful exploitation could enable the attacker to control code execution, causing loss of confidentiality, integrity, and availability of affected systems.

Generated by OpenCVE AI on June 9, 2026 at 22:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the SQLite library to version 3.53.2 or later, which contains a patch that removes the integer underflow and buffer overflow condition.
  • If an upgrade is not immediately possible, recompile the application without the SQLITE_ENABLE_FTS5 option to eliminate the vulnerable code path.
  • Implement strict validation of database files and restrict write access to trusted users so that an attacker cannot inject a malicious continuation page into the FTS5 metadata.

Generated by OpenCVE AI on June 9, 2026 at 22:04 UTC.
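
The first two recommended actions depend on knowing which SQLite version a process actually links and whether FTS5 is present in that build. The following check is an added example, not part of the OpenCVE record or the SQLite project; the function names and status strings are hypothetical, and it inspects only the library loaded by the Python interpreter that runs it.

```python
import sqlite3

FIXED_VERSION = (3, 53, 2)  # first fixed release named in the advisory


def parse_version(text):
    """'3.9.0' -> (3, 9, 0); compared numerically, never as strings."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def fts5_available(conn):
    """True if this SQLite build can run FTS5 code."""
    try:
        row = conn.execute(
            "SELECT sqlite_compileoption_used('ENABLE_FTS5')").fetchone()
        if row and row[0]:
            return True
    except sqlite3.OperationalError:
        pass  # diagnostics compiled out (SQLITE_OMIT_COMPILEOPTION_DIAGS)
    try:
        # Fallback probe: creating an FTS5 table fails when the module is absent.
        conn.execute("CREATE VIRTUAL TABLE temp.cve_probe USING fts5(x)")
        conn.execute("DROP TABLE temp.cve_probe")
        return True
    except sqlite3.OperationalError:
        return False


def classify(version_text, has_fts5):
    """Map (library version, FTS5 present) to an exposure status."""
    if parse_version(version_text) >= FIXED_VERSION:
        return "patched"
    return "vulnerable" if has_fts5 else "unpatched-fts5-absent"


def assess_runtime():
    """Inspect the SQLite library linked into this Python process."""
    conn = sqlite3.connect(":memory:")
    try:
        version = conn.execute("SELECT sqlite_version()").fetchone()[0]
        has_fts5 = fts5_available(conn)
    finally:
        conn.close()
    return {"version": version, "fts5": has_fts5,
            "status": classify(version, has_fts5)}


if __name__ == "__main__":
    print(assess_runtime())
```

An application that bundles its own SQLite copy needs the same two queries run through its own connection, since the system library and the embedded one can differ.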


Advisories

No advisories yet.

History

Wed, 10 Jun 2026 00:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sqlite; Sqlite sqlite
Vendors & Products | | Sqlite; Sqlite sqlite

Tue, 09 Jun 2026 21:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 19:45:00 +0000

Type | Values Removed | Values Added
Description | | SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted database with malicious continuation page metadata specifying a szLeaf value smaller than 4. Attackers can trigger an integer underflow in fts5ChunkIterate() causing an inflated remaining byte count during FTS5 MATCH query processing, leading to a heap buffer overflow of attacker-controlled data in applications compiled with SQLITE_ENABLE_FTS5.
Title | | SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate
Weaknesses | | CWE-122
References | |
Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-09T19:41:18.725Z

Reserved: 2026-06-09T19:11:14.440Z

Link: CVE-2026-11824

Vulnrichment

Updated: 2026-06-09T19:41:14.846Z

NVD

Status: Received

Published: 2026-06-09T20:16:32.300

Modified: 2026-06-09T20:16:32.300

Link: CVE-2026-11824

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T00:15:16Z

Weaknesses